.NET Core WebApi + Angular Authentication & Authorization via applications in Microsoft Azure

Question

We have 2 web applications on Angular (FE_1, FE_2) and 3 API applications on .NET Core (see picture) Need to login at once time from one site and working between two without any additional authorization processes I mean, when we log in to site1 and receive token #1, I want this token to work with API_2 as well, and vice versa, when we log in to site2 and receive token #2, I want to use this token to work as well with API_1

So my question is how to properly configure applications in Azure and configure them internally based on the described architecture ?

Answer 1

Thankyou Manish . Posting your suggestion as an answer to help the other community members.

from the provided architecture in BE code add the list of valid audiences as per the below image make it to true

Below is the sample code where you can check the valid audience code.

services.AddAuthentication(cfg =>
{
    cfg.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    cfg.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(opt =>
{
    opt.Authority = "https://login.microsoftonline.com/common";
    opt.Audience = "api://A134d6c8-8078-2924-9e90-98cef862eb9a"; // Set this to the App ID URL for the web API, which you created when you registered the web API with Azure AD.

    opt.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true, 
        ValidateAudience = true, 
        ValidAudiences = new List<String>
        {
            // you could add a list of valid audiences
            "A134d6c8-8078-2924-9e90-98cef862eb9a"
        }, 
        ValidIssuers = new List<string>
        {
            // Add tenant id after https://sts.windows.net/
            "https://sts.windows.net/{YourTenantId}"
        }
    };
    opt.Events = new JwtBearerEvents()
    {
        OnAuthenticationFailed = AuthenticationFailed
    };
});

For complete information check the SO .